CSIA Reviewer
Legal Ramifications - consequences of breaking the law.

Sanctions or Termination - if policies are not followed.

3 Top vectors for vulnerabilities available to a cybercriminal are:
Network
Web Browser
IM Clients
Web Application

9 Types of Cybercrime:
- phishing
- cyberbullying
- identity theft
- credit card theft
- malware
- online scams
- harassment
- cyberbullying
- credit card theft

GRAY HAT: "Just for Fun" Hackers - an expert who finds ways to hack into computer networks and systems but without the malicious intent of a black hat hacker.

GREEN HAT: Hackers in Training - someone who is new to the hacking world but is intently focused on increasing their cyberattack skills.

BLUE HAT: Authorized Software Hackers - hired by organizations to bug-test a new software or system.

RED HAT: Government-Hired Hackers - hired by government agencies to spot vulnerabilities in security systems.

10 How to Secure your Data
2-Factor Authentication
Secure your Password
Password Complexity
Regular Updates
Updated Antivirus
Firewall (Company)
Spam Filtering (Spam Software)
Encryption
Secure DNS
Daily Backup
1. Acceptable Use Policy (AUP) - the acceptable and prohibited uses of a system, network, or application.
2. Access Control Policy - defines who can access what resources, under what conditions.
3. Remote Access Policy - a document that outlines the rules and procedures for remote access.
4. Password Policy - a set of rules and guidelines that define how passwords should be created, managed, and used.
5. Physical Security Policy - outlines the procedures for securing an organization's physical assets, such as facilities.
6. Bring Your Own Device Policy - outlines the rules and procedures for employees who use their personal devices.

Tactical Planning - involves detailed planning to achieve specific objectives.
Operational Planning - the most detailed level of planning, focusing on day-to-day.
Planning Misalignment - a situation where there is a lack of coherence or synchronization between different levels of planning.

3 Causes of Planning Misalignment
- Lack of Communication - inconsistent communication leads to misunderstandings and can hinder planning.
- Competing Priorities - when priorities conflict, resources may be misdirected.
- Resistance to Change - pushback against new policies can disrupt planned security measures.
2. Business Continuity Plan - the steps that should be taken to keep the business running in the event of a disruption.
3. Incident Response Plan - describes the procedures that should be followed in the event of a security breach.
4. Risk Management Plan - identifies the risks faced by an organization.

Risk Identification - identifying the risks presented in a given scenario.
Risk Control - implementing measures to mitigate risks. It includes risk avoidance and prevention.
Risk Analysis - gathering data and assessing the potential impact.
Risk Financing - deals with how an organization funds its risk management efforts.
- it includes insurance and self-insurance.
Claim Management - handling claims promptly and assessing damages.
System Security Plan - outlines the security controls and safeguards implemented in an information system to protect the confidentiality.
12 TYPES OF RISK MANAGEMENT
Systematic Risk - also known as market risk; the overall impact of the market on an investment.
Unsystematic Risk - asset-specific risk, specific to an individual investment.
Political/Regulatory Risk - arises from political decisions and changes in regulations.
Interest Rate Risk - fluctuations in interest rates can affect investments.
Country Risk - specific to a particular country.
Social Risk - social norms, movements, and unrest can impact businesses.
Environmental Risk - the impact of changes in the environment falls under this category.
Operational Risk - centers on managing operational risks like supply chain disruptions and human errors.
Financial Risk - related to a company's capital structure.
Management Risk - decisions made by a company's management team.
Legal Risk - legal uncertainties arise from lawsuits and regulatory compliance.
Competition - competition within an industry affects individual companies.

Risk Management Framework
- provides a comprehensive, flexible, repeatable, and measurable 7-step process.

7 Steps of Risk Management Framework
Prepare - to prepare the organization to manage security and privacy risks.
Categorize - categorize the system and the information processed, stored.
Select - selecting controls to safeguard the systems and minimize.
Implement - where the selected controls are put into place to head off risks.
Assess - assess the effectiveness of the chosen controls and their ability.
Authorize - tied to executive approval of the risk mitigation mechanisms.
Monitor - continuously monitor control implementation and risks to the system.

5 Risk Management Strategies
Avoidance - a strategy aimed at steering clear of potential risks.
Transfer - shifting the risk to another party, through insurance or contracts.
Retention - based on the likely frequency and severity of the risks presented.
Spreading - possible to spread the risk of loss to property and persons.
Loss Prevention and Reduction - when risk cannot be avoided, the effect of loss can often be minimized.

5 Components of Risk Management Framework
Identification - identify the risks that the organization faces.
Measurement and Assessment - create a risk profile for each risk that has been identified.
Mitigation - identifying and eliminating identified risks, focusing on those that are considered acceptable.
Reporting and Monitoring - reexamining the risks to make sure that the risk mitigation strategies the organization has adopted are leading to the desired effect.
Governance - involves ensuring the implementation of risk mitigation techniques and ensuring employees.

Analytics
- the process of discovering, interpreting, and communicating significant patterns in data.
- the systematic computational analysis of data or statistics.

3 Examples of Analytics
Data Analytics - the science of analyzing raw data to make conclusions.
Business Analytics - big data and predictive analytics are redefining how businesses succeed.
Web Analytics - the collection, reporting, and analysis of website data.
Automation
- the creation and application of technologies to produce and deliver goods.
- the technique of making an apparatus, a process, or a system operate.

3 Examples of Automation
Automation System - an integration of sensors, controls, and actuators designed to perform a function with minimal.
Robotics - a branch of engineering that involves the conception, design, manufacture and operation of robots.
Automobile - extremely vast and progressive.
Advantages
- Higher production rates
- Increased productivity
- Better product quality
- Saves time
Disadvantages
- Needs large capital expenditure
- Can become redundant
- Still requires human intervention
- Could introduce new safety hazards